npm - @ambushsoftworks/nestjs-auth-graphql - Versions diffs - 0.1.3 - Mend

@ambushsoftworks/nestjs-auth-graphql 0.1.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (279) hide show

package/dist/services/encryption.service.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"encryption.service.js","sourceRoot":"","sources":["../../src/services/encryption.service.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;AAAA,2CAAoD;AACpD,mCAA+E;AAC/E,+BAAiC;AACjC,gDAAwE;AA2BjE,IAAM,iBAAiB,GAAvB,MAAM,iBAAiB;IAQ5B,YAAyC,OAA0B;QAPlD,cAAS,GAAG,aAAa,CAAC;QAC1B,aAAQ,GAAG,EAAE,CAAC;QACd,kBAAa,GAAG,EAAE,CAAC;QACnB,eAAU,GAAG,EAAE,CAAC;QAChB,cAAS,GAAG,EAAE,CAAC;QAI9B,IAAI,CAAC,gBAAgB,GAAG,OAAO,CAAC,aAAa,CAAC;IAChD,CAAC;IAOD,KAAK,CAAC,OAAO,CAAC,SAAiB;QAE7B,IAAI,CAAC,IAAI,CAAC,gBAAgB,EAAE,CAAC;YAC3B,MAAM,IAAI,KAAK,CACb,wEAAwE,CACzE,CAAC;QACJ,CAAC;QACD,MAAM,MAAM,GAAG,IAAI,CAAC,gBAAgB,CAAC;QAGrC,MAAM,EAAE,GAAG,IAAA,oBAAW,EAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QAGtC,MAAM,IAAI,GAAG,IAAA,oBAAW,EAAC,IAAI,CAAC,UAAU,CAAC,CAAC;QAG1C,MAAM,WAAW,GAAG,IAAA,gBAAS,EAAC,eAAM,CAAC,CAAC;QACtC,MAAM,GAAG,GAAG,CAAC,MAAM,WAAW,CAAC,MAAM,EAAE,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,CAAW,CAAC;QAGxE,MAAM,MAAM,GAAG,IAAA,uBAAc,EAAC,IAAI,CAAC,SAAS,EAAE,GAAG,EAAE,EAAE,CAAC,CAAC;QAGvD,IAAI,UAAU,GAAG,MAAM,CAAC,MAAM,CAAC,SAAS,EAAE,MAAM,EAAE,WAAW,CAAC,CAAC;QAC/D,UAAU,IAAI,MAAM,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC;QAGxC,MAAM,OAAO,GAAG,MAAM,CAAC,UAAU,EAAE,CAAC;QAGpC,OAAO;YACL,IAAI,CAAC,QAAQ,CAAC,WAAW,CAAC;YAC1B,EAAE,CAAC,QAAQ,CAAC,WAAW,CAAC;YACxB,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAC;YAC7B,UAAU;SACX,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IACd,CAAC;IAQD,KAAK,CAAC,OAAO,CAAC,aAAqB;QACjC,IAAI,CAAC;YAEH,IAAI,CAAC,IAAI,CAAC,gBAAgB,EAAE,CAAC;gBAC3B,MAAM,IAAI,KAAK,CACb,wEAAwE,CACzE,CAAC;YACJ,CAAC;YACD,MAAM,MAAM,GAAG,IAAI,CAAC,gBAAgB,CAAC;YAGrC,MAAM,KAAK,GAAG,aAAa,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;YACvC,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;gBACvB,MAAM,IAAI,KAAK,CAAC,+BAA+B,CAAC,CAAC;YACnD,CAAC;YAED,MAAM,CAAC,OAAO,EAAE,KAAK,EAAE,UAAU,EAAE,UAAU,CAAC,GAAG,KAAK,CAAC;YAGvD,MAAM,IAAI,GAAG,MAAM,CAAC,IAAI,CAAC,OAAO,EAAE,WAAW,CAAC,CAAC;YAC/C,MAAM,EAAE,GAAG,MAAM,CAAC,IAAI,CAAC,KAAK,EAAE,WAAW,CAAC,CAAC;YAC3C,MAAM,OAAO,GAAG,MAAM,CAAC,IAAI,CAAC,UAAU,EAAE,WAAW,CAAC,CAAC;YAGrD,IAAI,IAAI,CAAC,MAAM,KAAK,IAAI,CAAC,UAAU,EAAE,CAAC;gBACpC,MAAM,IAAI,KAAK,CAAC,qBAAqB,CAAC,CAAC;YACzC,CAAC;YACD,IAAI,EAAE,CAAC,MAAM,KAAK,IAAI,CAAC,QAAQ,EAAE,CAAC;gBAChC,MAAM,IAAI,KAAK,CAAC,mBAAmB,CAAC,CAAC;YACvC,CAAC;YACD,IAAI,OAAO,CAAC,MAAM,KAAK,IAAI,CAAC,aAAa,EAAE,CAAC;gBAC1C,MAAM,IAAI,KAAK,CAAC,yBAAyB,CAAC,CAAC;YAC7C,CAAC;YAGD,MAAM,WAAW,GAAG,IAAA,gBAAS,EAAC,eAAM,CAAC,CAAC;YACtC,MAAM,GAAG,GAAG,CAAC,MAAM,WAAW,CAAC,MAAM,EAAE,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,CAAW,CAAC;YAGxE,MAAM,QAAQ,GAAG,IAAA,yBAAgB,EAAC,IAAI,CAAC,SAAS,EAAE,GAAG,EAAE,EAAE,CAAC,CAAC;YAG3D,QAAQ,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC;YAG7B,IAAI,SAAS,GAAG,QAAQ,CAAC,MAAM,CAAC,UAAU,EAAE,WAAW,EAAE,MAAM,CAAC,CAAC;YACjE,SAAS,IAAI,QAAQ,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;YAEpC,OAAO,SAAS,CAAC;QACnB,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YAEf,MAAM,IAAI,KAAK,CAAC,uDAAuD,CAAC,CAAC;QAC3E,CAAC;IACH,CAAC;IAOD,WAAW,CAAC,KAAa;QACvB,IAAI,CAAC,KAAK,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;YACxC,OAAO,KAAK,CAAC;QACf,CAAC;QAGD,MAAM,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QAC/B,OAAO,KAAK,CAAC,MAAM,KAAK,CAAC,CAAC;IAC5B,CAAC;CACF,CAAA;AAlIY,8CAAiB;4BAAjB,iBAAiB;IAD7B,IAAA,mBAAU,GAAE;IASE,WAAA,IAAA,eAAM,EAAC,iCAAmB,CAAC,CAAA;;GAR7B,iBAAiB,CAkI7B"}

package/dist/services/noop-email.service.d.ts ADDED Viewed

@@ -0,0 +1,12 @@
+import { IEmailService } from '../interfaces/email-service.interface';
+export declare class NoOpEmailService implements IEmailService {
+    private readonly logger;
+    sendVerificationEmail(email: string, code: string, expiresInMinutes: number): Promise<void>;
+    sendPasswordResetEmail(email: string, resetToken: string, resetUrl: string): Promise<void>;
+    sendAccountLockedEmail(email: string, lockDurationMinutes: number): Promise<void>;
+    sendWelcomeEmail(email: string, name?: string): Promise<void>;
+    sendAccountLinkedEmail(email: string, provider: 'google' | 'facebook', linkedAt: Date): Promise<void>;
+    sendAccountUnlinkedEmail(email: string, provider: 'google' | 'facebook', unlinkedAt: Date): Promise<void>;
+    sendPasswordChangedEmail(email: string, changedAt: Date, ipAddress?: string): Promise<void>;
+}
+//# sourceMappingURL=noop-email.service.d.ts.map

package/dist/services/noop-email.service.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"noop-email.service.d.ts","sourceRoot":"","sources":["../../src/services/noop-email.service.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,aAAa,EAAE,MAAM,uCAAuC,CAAC;AAOtE,qBACa,gBAAiB,YAAW,aAAa;IACpD,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAqC;IAEtD,qBAAqB,CACzB,KAAK,EAAE,MAAM,EACb,IAAI,EAAE,MAAM,EACZ,gBAAgB,EAAE,MAAM,GACvB,OAAO,CAAC,IAAI,CAAC;IAMV,sBAAsB,CAC1B,KAAK,EAAE,MAAM,EACb,UAAU,EAAE,MAAM,EAClB,QAAQ,EAAE,MAAM,GACf,OAAO,CAAC,IAAI,CAAC;IAMV,sBAAsB,CAC1B,KAAK,EAAE,MAAM,EACb,mBAAmB,EAAE,MAAM,GAC1B,OAAO,CAAC,IAAI,CAAC;IAMV,gBAAgB,CAAC,KAAK,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAM7D,sBAAsB,CAC1B,KAAK,EAAE,MAAM,EACb,QAAQ,EAAE,QAAQ,GAAG,UAAU,EAC/B,QAAQ,EAAE,IAAI,GACb,OAAO,CAAC,IAAI,CAAC;IAMV,wBAAwB,CAC5B,KAAK,EAAE,MAAM,EACb,QAAQ,EAAE,QAAQ,GAAG,UAAU,EAC/B,UAAU,EAAE,IAAI,GACf,OAAO,CAAC,IAAI,CAAC;IAMV,wBAAwB,CAC5B,KAAK,EAAE,MAAM,EACb,SAAS,EAAE,IAAI,EACf,SAAS,CAAC,EAAE,MAAM,GACjB,OAAO,CAAC,IAAI,CAAC;CAKjB"}

package/dist/services/noop-email.service.js ADDED Viewed

@@ -0,0 +1,42 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var NoOpEmailService_1;
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.NoOpEmailService = void 0;
+const common_1 = require("@nestjs/common");
+let NoOpEmailService = NoOpEmailService_1 = class NoOpEmailService {
+    constructor() {
+        this.logger = new common_1.Logger(NoOpEmailService_1.name);
+    }
+    async sendVerificationEmail(email, code, expiresInMinutes) {
+        this.logger.log(`[NoOp] Would send verification email to ${email} with code ${code}, expires in ${expiresInMinutes} minutes`);
+    }
+    async sendPasswordResetEmail(email, resetToken, resetUrl) {
+        this.logger.log(`[NoOp] Would send password reset email to ${email} with token ${resetToken}, URL: ${resetUrl}`);
+    }
+    async sendAccountLockedEmail(email, lockDurationMinutes) {
+        this.logger.log(`[NoOp] Would send account locked email to ${email}, locked for ${lockDurationMinutes} minutes`);
+    }
+    async sendWelcomeEmail(email, name) {
+        this.logger.log(`[NoOp] Would send welcome email to ${email} for user ${name || 'unknown'}`);
+    }
+    async sendAccountLinkedEmail(email, provider, linkedAt) {
+        this.logger.log(`[NoOp] Would send account linked email to ${email}, provider: ${provider}, linked at: ${linkedAt}`);
+    }
+    async sendAccountUnlinkedEmail(email, provider, unlinkedAt) {
+        this.logger.log(`[NoOp] Would send account unlinked email to ${email}, provider: ${provider}, unlinked at: ${unlinkedAt}`);
+    }
+    async sendPasswordChangedEmail(email, changedAt, ipAddress) {
+        this.logger.log(`[NoOp] Would send password changed email to ${email}, changed at: ${changedAt}, IP: ${ipAddress || 'unknown'}`);
+    }
+};
+exports.NoOpEmailService = NoOpEmailService;
+exports.NoOpEmailService = NoOpEmailService = NoOpEmailService_1 = __decorate([
+    (0, common_1.Injectable)()
+], NoOpEmailService);
+//# sourceMappingURL=noop-email.service.js.map

package/dist/services/noop-email.service.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"noop-email.service.js","sourceRoot":"","sources":["../../src/services/noop-email.service.ts"],"names":[],"mappings":";;;;;;;;;;AAAA,2CAAoD;AAS7C,IAAM,gBAAgB,wBAAtB,MAAM,gBAAgB;IAAtB;QACY,WAAM,GAAG,IAAI,eAAM,CAAC,kBAAgB,CAAC,IAAI,CAAC,CAAC;IAkE9D,CAAC;IAhEC,KAAK,CAAC,qBAAqB,CACzB,KAAa,EACb,IAAY,EACZ,gBAAwB;QAExB,IAAI,CAAC,MAAM,CAAC,GAAG,CACb,2CAA2C,KAAK,cAAc,IAAI,gBAAgB,gBAAgB,UAAU,CAC7G,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,sBAAsB,CAC1B,KAAa,EACb,UAAkB,EAClB,QAAgB;QAEhB,IAAI,CAAC,MAAM,CAAC,GAAG,CACb,6CAA6C,KAAK,eAAe,UAAU,UAAU,QAAQ,EAAE,CAChG,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,sBAAsB,CAC1B,KAAa,EACb,mBAA2B;QAE3B,IAAI,CAAC,MAAM,CAAC,GAAG,CACb,6CAA6C,KAAK,gBAAgB,mBAAmB,UAAU,CAChG,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,gBAAgB,CAAC,KAAa,EAAE,IAAa;QACjD,IAAI,CAAC,MAAM,CAAC,GAAG,CACb,sCAAsC,KAAK,aAAa,IAAI,IAAI,SAAS,EAAE,CAC5E,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,sBAAsB,CAC1B,KAAa,EACb,QAA+B,EAC/B,QAAc;QAEd,IAAI,CAAC,MAAM,CAAC,GAAG,CACb,6CAA6C,KAAK,eAAe,QAAQ,gBAAgB,QAAQ,EAAE,CACpG,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,wBAAwB,CAC5B,KAAa,EACb,QAA+B,EAC/B,UAAgB;QAEhB,IAAI,CAAC,MAAM,CAAC,GAAG,CACb,+CAA+C,KAAK,eAAe,QAAQ,kBAAkB,UAAU,EAAE,CAC1G,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,wBAAwB,CAC5B,KAAa,EACb,SAAe,EACf,SAAkB;QAElB,IAAI,CAAC,MAAM,CAAC,GAAG,CACb,+CAA+C,KAAK,iBAAiB,SAAS,SAAS,SAAS,IAAI,SAAS,EAAE,CAChH,CAAC;IACJ,CAAC;CACF,CAAA;AAnEY,4CAAgB;2BAAhB,gBAAgB;IAD5B,IAAA,mBAAU,GAAE;GACA,gBAAgB,CAmE5B"}

package/dist/services/noop-sms.service.d.ts ADDED Viewed

@@ -0,0 +1,8 @@
+import { ISmsService } from '../interfaces/sms-service.interface';
+export declare class NoOpSmsService implements ISmsService {
+    private readonly logger;
+    sendVerificationSms(phoneNumber: string, code: string, expiresInMinutes: number): Promise<void>;
+    normalizePhoneNumber(phoneNumber: string, countryCode?: string): string | null;
+    maskPhoneNumber(phoneNumber: string): string;
+}
+//# sourceMappingURL=noop-sms.service.d.ts.map

package/dist/services/noop-sms.service.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"noop-sms.service.d.ts","sourceRoot":"","sources":["../../src/services/noop-sms.service.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,WAAW,EAAE,MAAM,qCAAqC,CAAC;AAOlE,qBACa,cAAe,YAAW,WAAW;IAChD,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAmC;IAEpD,mBAAmB,CACvB,WAAW,EAAE,MAAM,EACnB,IAAI,EAAE,MAAM,EACZ,gBAAgB,EAAE,MAAM,GACvB,OAAO,CAAC,IAAI,CAAC;IAMhB,oBAAoB,CAAC,WAAW,EAAE,MAAM,EAAE,WAAW,CAAC,EAAE,MAAM,GAAG,MAAM,GAAG,IAAI;IAU9E,eAAe,CAAC,WAAW,EAAE,MAAM,GAAG,MAAM;CAS7C"}

package/dist/services/noop-sms.service.js ADDED Viewed

@@ -0,0 +1,38 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var NoOpSmsService_1;
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.NoOpSmsService = void 0;
+const common_1 = require("@nestjs/common");
+let NoOpSmsService = NoOpSmsService_1 = class NoOpSmsService {
+    constructor() {
+        this.logger = new common_1.Logger(NoOpSmsService_1.name);
+    }
+    async sendVerificationSms(phoneNumber, code, expiresInMinutes) {
+        this.logger.log(`[NoOp] Would send verification SMS to ${phoneNumber} with code ${code}, expires in ${expiresInMinutes} minutes`);
+    }
+    normalizePhoneNumber(phoneNumber, countryCode) {
+        const normalized = phoneNumber.replace(/\D/g, '');
+        const result = normalized.length > 0 ? (countryCode ? `+${normalized}` : normalized) : null;
+        this.logger.log(`[NoOp] Normalized phone number ${phoneNumber} (${countryCode || 'no country code'}) → ${result}`);
+        return result;
+    }
+    maskPhoneNumber(phoneNumber) {
+        const normalized = this.normalizePhoneNumber(phoneNumber);
+        if (!normalized)
+            return '***-***-****';
+        const masked = `***-***-${normalized.slice(-4)}`;
+        this.logger.log(`[NoOp] Masked phone number ${phoneNumber} → ${masked}`);
+        return masked;
+    }
+};
+exports.NoOpSmsService = NoOpSmsService;
+exports.NoOpSmsService = NoOpSmsService = NoOpSmsService_1 = __decorate([
+    (0, common_1.Injectable)()
+], NoOpSmsService);
+//# sourceMappingURL=noop-sms.service.js.map

package/dist/services/noop-sms.service.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"noop-sms.service.js","sourceRoot":"","sources":["../../src/services/noop-sms.service.ts"],"names":[],"mappings":";;;;;;;;;;AAAA,2CAAoD;AAS7C,IAAM,cAAc,sBAApB,MAAM,cAAc;IAApB;QACY,WAAM,GAAG,IAAI,eAAM,CAAC,gBAAc,CAAC,IAAI,CAAC,CAAC;IA+B5D,CAAC;IA7BC,KAAK,CAAC,mBAAmB,CACvB,WAAmB,EACnB,IAAY,EACZ,gBAAwB;QAExB,IAAI,CAAC,MAAM,CAAC,GAAG,CACb,yCAAyC,WAAW,cAAc,IAAI,gBAAgB,gBAAgB,UAAU,CACjH,CAAC;IACJ,CAAC;IAED,oBAAoB,CAAC,WAAmB,EAAE,WAAoB;QAE5D,MAAM,UAAU,GAAG,WAAW,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;QAClD,MAAM,MAAM,GAAG,UAAU,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC,IAAI,UAAU,EAAE,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;QAC5F,IAAI,CAAC,MAAM,CAAC,GAAG,CACb,kCAAkC,WAAW,KAAK,WAAW,IAAI,iBAAiB,OAAO,MAAM,EAAE,CAClG,CAAC;QACF,OAAO,MAAM,CAAC;IAChB,CAAC;IAED,eAAe,CAAC,WAAmB;QACjC,MAAM,UAAU,GAAG,IAAI,CAAC,oBAAoB,CAAC,WAAW,CAAC,CAAC;QAC1D,IAAI,CAAC,UAAU;YAAE,OAAO,cAAc,CAAC;QACvC,MAAM,MAAM,GAAG,WAAW,UAAU,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;QACjD,IAAI,CAAC,MAAM,CAAC,GAAG,CACb,8BAA8B,WAAW,MAAM,MAAM,EAAE,CACxD,CAAC;QACF,OAAO,MAAM,CAAC;IAChB,CAAC;CACF,CAAA;AAhCY,wCAAc;yBAAd,cAAc;IAD1B,IAAA,mBAAU,GAAE;GACA,cAAc,CAgC1B"}

package/dist/services/oauth-linking-token.service.d.ts ADDED Viewed

@@ -0,0 +1,24 @@
+import { JwtService } from '@nestjs/jwt';
+import { ConfigService } from '@nestjs/config';
+export interface OAuthLinkingTokenPayload {
+    googleId: string;
+    email: string;
+    iat: number;
+    exp: number;
+}
+export interface FacebookEmailFallbackTokenPayload {
+    facebookId: string;
+    purpose: 'facebook_email_fallback';
+    iat: number;
+    exp: number;
+}
+export declare class OAuthLinkingTokenService {
+    private jwtService;
+    private configService;
+    constructor(jwtService: JwtService, configService: ConfigService);
+    generateLinkingToken(googleId: string, email: string): string;
+    validateLinkingToken(token: string): OAuthLinkingTokenPayload;
+    generateFacebookEmailFallbackToken(facebookId: string): string;
+    validateFacebookEmailFallbackToken(token: string): FacebookEmailFallbackTokenPayload;
+}
+//# sourceMappingURL=oauth-linking-token.service.d.ts.map

package/dist/services/oauth-linking-token.service.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"oauth-linking-token.service.d.ts","sourceRoot":"","sources":["../../src/services/oauth-linking-token.service.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AACzC,OAAO,EAAE,aAAa,EAAE,MAAM,gBAAgB,CAAC;AAM/C,MAAM,WAAW,wBAAwB;IACvC,QAAQ,EAAE,MAAM,CAAC;IACjB,KAAK,EAAE,MAAM,CAAC;IACd,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,MAAM,CAAC;CACb;AAWD,MAAM,WAAW,iCAAiC;IAChD,UAAU,EAAE,MAAM,CAAC;IACnB,OAAO,EAAE,yBAAyB,CAAC;IACnC,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,MAAM,CAAC;CACb;AAqBD,qBACa,wBAAwB;IAEjC,OAAO,CAAC,UAAU;IAClB,OAAO,CAAC,aAAa;gBADb,UAAU,EAAE,UAAU,EACtB,aAAa,EAAE,aAAa;IAUtC,oBAAoB,CAAC,QAAQ,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,MAAM;IAoB7D,oBAAoB,CAAC,KAAK,EAAE,MAAM,GAAG,wBAAwB;IA6B7D,kCAAkC,CAAC,UAAU,EAAE,MAAM,GAAG,MAAM;IAsB9D,kCAAkC,CAChC,KAAK,EAAE,MAAM,GACZ,iCAAiC;CAuBrC"}

package/dist/services/oauth-linking-token.service.js ADDED Viewed

@@ -0,0 +1,79 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __metadata = (this && this.__metadata) || function (k, v) {
+    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.OAuthLinkingTokenService = void 0;
+const common_1 = require("@nestjs/common");
+const jwt_1 = require("@nestjs/jwt");
+const config_1 = require("@nestjs/config");
+let OAuthLinkingTokenService = class OAuthLinkingTokenService {
+    constructor(jwtService, configService) {
+        this.jwtService = jwtService;
+        this.configService = configService;
+    }
+    generateLinkingToken(googleId, email) {
+        const payload = {
+            googleId,
+            email,
+        };
+        return this.jwtService.sign(payload, {
+            secret: this.configService.get('JWT_SECRET'),
+            expiresIn: '5m',
+        });
+    }
+    validateLinkingToken(token) {
+        try {
+            const payload = this.jwtService.verify(token, {
+                secret: this.configService.get('JWT_SECRET'),
+            });
+            return payload;
+        }
+        catch (error) {
+            if (error.name === 'TokenExpiredError') {
+                throw new Error('Linking session expired. Please sign in with Google again.');
+            }
+            throw new Error('Invalid linking token');
+        }
+    }
+    generateFacebookEmailFallbackToken(facebookId) {
+        const payload = {
+            facebookId,
+            purpose: 'facebook_email_fallback',
+        };
+        return this.jwtService.sign(payload, {
+            secret: this.configService.get('JWT_SECRET'),
+            expiresIn: '10m',
+        });
+    }
+    validateFacebookEmailFallbackToken(token) {
+        try {
+            const payload = this.jwtService.verify(token, {
+                secret: this.configService.get('JWT_SECRET'),
+            });
+            if (payload.purpose !== 'facebook_email_fallback') {
+                throw new Error('Invalid token purpose');
+            }
+            return payload;
+        }
+        catch (error) {
+            if (error.name === 'TokenExpiredError') {
+                throw new Error('Email entry session expired. Please sign in with Facebook again.');
+            }
+            throw new Error('Invalid email fallback token');
+        }
+    }
+};
+exports.OAuthLinkingTokenService = OAuthLinkingTokenService;
+exports.OAuthLinkingTokenService = OAuthLinkingTokenService = __decorate([
+    (0, common_1.Injectable)(),
+    __metadata("design:paramtypes", [jwt_1.JwtService,
+        config_1.ConfigService])
+], OAuthLinkingTokenService);
+//# sourceMappingURL=oauth-linking-token.service.js.map

package/dist/services/oauth-linking-token.service.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"oauth-linking-token.service.js","sourceRoot":"","sources":["../../src/services/oauth-linking-token.service.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,2CAA4C;AAC5C,qCAAyC;AACzC,2CAA+C;AAiDxC,IAAM,wBAAwB,GAA9B,MAAM,wBAAwB;IACnC,YACU,UAAsB,EACtB,aAA4B;QAD5B,eAAU,GAAV,UAAU,CAAY;QACtB,kBAAa,GAAb,aAAa,CAAe;IACnC,CAAC;IASJ,oBAAoB,CAAC,QAAgB,EAAE,KAAa;QAClD,MAAM,OAAO,GAAG;YACd,QAAQ;YACR,KAAK;SACN,CAAC;QAGF,OAAO,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,OAAO,EAAE;YACnC,MAAM,EAAE,IAAI,CAAC,aAAa,CAAC,GAAG,CAAS,YAAY,CAAC;YACpD,SAAS,EAAE,IAAI;SAChB,CAAC,CAAC;IACL,CAAC;IASD,oBAAoB,CAAC,KAAa;QAChC,IAAI,CAAC;YACH,MAAM,OAAO,GAAG,IAAI,CAAC,UAAU,CAAC,MAAM,CAA2B,KAAK,EAAE;gBACtE,MAAM,EAAE,IAAI,CAAC,aAAa,CAAC,GAAG,CAAS,YAAY,CAAC;aACrD,CAAC,CAAC;YAEH,OAAO,OAAO,CAAC;QACjB,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,IAAI,KAAK,CAAC,IAAI,KAAK,mBAAmB,EAAE,CAAC;gBACvC,MAAM,IAAI,KAAK,CACb,4DAA4D,CAC7D,CAAC;YACJ,CAAC;YAED,MAAM,IAAI,KAAK,CAAC,uBAAuB,CAAC,CAAC;QAC3C,CAAC;IACH,CAAC;IAaD,kCAAkC,CAAC,UAAkB;QACnD,MAAM,OAAO,GAAG;YACd,UAAU;YACV,OAAO,EAAE,yBAAyB;SACnC,CAAC;QAGF,OAAO,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,OAAO,EAAE;YACnC,MAAM,EAAE,IAAI,CAAC,aAAa,CAAC,GAAG,CAAS,YAAY,CAAC;YACpD,SAAS,EAAE,KAAK;SACjB,CAAC,CAAC;IACL,CAAC;IAWD,kCAAkC,CAChC,KAAa;QAEb,IAAI,CAAC;YACH,MAAM,OAAO,GACX,IAAI,CAAC,UAAU,CAAC,MAAM,CAAoC,KAAK,EAAE;gBAC/D,MAAM,EAAE,IAAI,CAAC,aAAa,CAAC,GAAG,CAAS,YAAY,CAAC;aACrD,CAAC,CAAC;YAGL,IAAI,OAAO,CAAC,OAAO,KAAK,yBAAyB,EAAE,CAAC;gBAClD,MAAM,IAAI,KAAK,CAAC,uBAAuB,CAAC,CAAC;YAC3C,CAAC;YAED,OAAO,OAAO,CAAC;QACjB,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,IAAI,KAAK,CAAC,IAAI,KAAK,mBAAmB,EAAE,CAAC;gBACvC,MAAM,IAAI,KAAK,CACb,kEAAkE,CACnE,CAAC;YACJ,CAAC;YAED,MAAM,IAAI,KAAK,CAAC,8BAA8B,CAAC,CAAC;QAClD,CAAC;IACH,CAAC;CACF,CAAA;AA7GY,4DAAwB;mCAAxB,wBAAwB;IADpC,IAAA,mBAAU,GAAE;qCAGW,gBAAU;QACP,sBAAa;GAH3B,wBAAwB,CA6GpC"}

package/dist/services/oauth-state.service.d.ts ADDED Viewed

@@ -0,0 +1,19 @@
+import { ConfigService } from '@nestjs/config';
+import { JwtService } from '@nestjs/jwt';
+export interface OAuthStatePayload {
+    provider: 'google' | 'facebook' | 'apple';
+    redirectUrl: string;
+    nonce: string;
+    iat: number;
+    exp: number;
+}
+export declare class OAuthStateService {
+    private configService;
+    private jwtService;
+    private readonly expirySeconds;
+    constructor(configService: ConfigService, jwtService: JwtService);
+    generateState(provider: 'google' | 'facebook' | 'apple', redirectUrl: string): string;
+    validateState(state: string): OAuthStatePayload;
+    private validateRedirectUrl;
+}
+//# sourceMappingURL=oauth-state.service.d.ts.map

package/dist/services/oauth-state.service.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"oauth-state.service.d.ts","sourceRoot":"","sources":["../../src/services/oauth-state.service.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,aAAa,EAAE,MAAM,gBAAgB,CAAC;AAC/C,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AAOzC,MAAM,WAAW,iBAAiB;IAChC,QAAQ,EAAE,QAAQ,GAAG,UAAU,GAAG,OAAO,CAAC;IAC1C,WAAW,EAAE,MAAM,CAAC;IACpB,KAAK,EAAE,MAAM,CAAC;IACd,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,MAAM,CAAC;CACb;AAyBD,qBACa,iBAAiB;IAI1B,OAAO,CAAC,aAAa;IACrB,OAAO,CAAC,UAAU;IAJpB,OAAO,CAAC,QAAQ,CAAC,aAAa,CAAO;gBAG3B,aAAa,EAAE,aAAa,EAC5B,UAAU,EAAE,UAAU;IAUhC,aAAa,CACX,QAAQ,EAAE,QAAQ,GAAG,UAAU,GAAG,OAAO,EACzC,WAAW,EAAE,MAAM,GAClB,MAAM;IA+BT,aAAa,CAAC,KAAK,EAAE,MAAM,GAAG,iBAAiB;IA+C/C,OAAO,CAAC,mBAAmB;CA6B5B"}

package/dist/services/oauth-state.service.js ADDED Viewed

@@ -0,0 +1,91 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __metadata = (this && this.__metadata) || function (k, v) {
+    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.OAuthStateService = void 0;
+const common_1 = require("@nestjs/common");
+const config_1 = require("@nestjs/config");
+const jwt_1 = require("@nestjs/jwt");
+const crypto_1 = require("crypto");
+let OAuthStateService = class OAuthStateService {
+    constructor(configService, jwtService) {
+        this.configService = configService;
+        this.jwtService = jwtService;
+        this.expirySeconds = 600;
+    }
+    generateState(provider, redirectUrl) {
+        const nonce = (0, crypto_1.randomBytes)(16).toString('base64url');
+        const now = Math.floor(Date.now() / 1000);
+        const payload = {
+            provider,
+            redirectUrl,
+            nonce,
+            iat: now,
+            exp: now + this.expirySeconds,
+        };
+        const secret = this.configService.getOrThrow('OAUTH_STATE_SECRET');
+        const state = this.jwtService.sign(payload, {
+            secret,
+            expiresIn: this.expirySeconds,
+        });
+        return state;
+    }
+    validateState(state) {
+        try {
+            const secret = this.configService.getOrThrow('OAUTH_STATE_SECRET');
+            const payload = this.jwtService.verify(state, {
+                secret,
+            });
+            if (!payload.provider ||
+                !payload.redirectUrl ||
+                !payload.nonce ||
+                !payload.iat ||
+                !payload.exp) {
+                throw new common_1.UnauthorizedException('Invalid OAuth state: missing fields');
+            }
+            if (!['google', 'facebook', 'apple'].includes(payload.provider)) {
+                throw new common_1.UnauthorizedException('Invalid OAuth state: unknown provider');
+            }
+            this.validateRedirectUrl(payload.redirectUrl);
+            return payload;
+        }
+        catch (error) {
+            if (error instanceof common_1.UnauthorizedException) {
+                throw error;
+            }
+            throw new common_1.UnauthorizedException('Invalid OAuth state parameter');
+        }
+    }
+    validateRedirectUrl(redirectUrl) {
+        const whitelistRaw = this.configService.get('OAUTH_REDIRECT_WHITELIST', '');
+        const whitelist = whitelistRaw.split(',').map((url) => url.trim());
+        const defaultWhitelist = [
+            'http://localhost:3000',
+            'http://localhost:8080',
+            'exp://localhost:8081',
+        ];
+        const allowedUrls = [...whitelist, ...defaultWhitelist];
+        const isAllowed = allowedUrls.some((allowed) => {
+            if (!allowed)
+                return false;
+            return redirectUrl.startsWith(allowed);
+        });
+        if (!isAllowed) {
+            throw new common_1.UnauthorizedException('Invalid OAuth state: redirect URL not whitelisted');
+        }
+    }
+};
+exports.OAuthStateService = OAuthStateService;
+exports.OAuthStateService = OAuthStateService = __decorate([
+    (0, common_1.Injectable)(),
+    __metadata("design:paramtypes", [config_1.ConfigService,
+        jwt_1.JwtService])
+], OAuthStateService);
+//# sourceMappingURL=oauth-state.service.js.map

package/dist/services/oauth-state.service.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"oauth-state.service.js","sourceRoot":"","sources":["../../src/services/oauth-state.service.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,2CAAmE;AACnE,2CAA+C;AAC/C,qCAAyC;AACzC,mCAAqC;AAsC9B,IAAM,iBAAiB,GAAvB,MAAM,iBAAiB;IAG5B,YACU,aAA4B,EAC5B,UAAsB;QADtB,kBAAa,GAAb,aAAa,CAAe;QAC5B,eAAU,GAAV,UAAU,CAAY;QAJf,kBAAa,GAAG,GAAG,CAAC;IAKlC,CAAC;IASJ,aAAa,CACX,QAAyC,EACzC,WAAmB;QAGnB,MAAM,KAAK,GAAG,IAAA,oBAAW,EAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;QAGpD,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;QAC1C,MAAM,OAAO,GAAsB;YACjC,QAAQ;YACR,WAAW;YACX,KAAK;YACL,GAAG,EAAE,GAAG;YACR,GAAG,EAAE,GAAG,GAAG,IAAI,CAAC,aAAa;SAC9B,CAAC;QAGF,MAAM,MAAM,GAAG,IAAI,CAAC,aAAa,CAAC,UAAU,CAAS,oBAAoB,CAAC,CAAC;QAC3E,MAAM,KAAK,GAAG,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,OAAO,EAAE;YAC1C,MAAM;YACN,SAAS,EAAE,IAAI,CAAC,aAAa;SAC9B,CAAC,CAAC;QAEH,OAAO,KAAK,CAAC;IACf,CAAC;IASD,aAAa,CAAC,KAAa;QACzB,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,IAAI,CAAC,aAAa,CAAC,UAAU,CAAS,oBAAoB,CAAC,CAAC;YAG3E,MAAM,OAAO,GAAG,IAAI,CAAC,UAAU,CAAC,MAAM,CAAoB,KAAK,EAAE;gBAC/D,MAAM;aACP,CAAC,CAAC;YAGH,IACE,CAAC,OAAO,CAAC,QAAQ;gBACjB,CAAC,OAAO,CAAC,WAAW;gBACpB,CAAC,OAAO,CAAC,KAAK;gBACd,CAAC,OAAO,CAAC,GAAG;gBACZ,CAAC,OAAO,CAAC,GAAG,EACZ,CAAC;gBACD,MAAM,IAAI,8BAAqB,CAAC,qCAAqC,CAAC,CAAC;YACzE,CAAC;YAGD,IAAI,CAAC,CAAC,QAAQ,EAAE,UAAU,EAAE,OAAO,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,QAAQ,CAAC,EAAE,CAAC;gBAChE,MAAM,IAAI,8BAAqB,CAC7B,uCAAuC,CACxC,CAAC;YACJ,CAAC;YAGD,IAAI,CAAC,mBAAmB,CAAC,OAAO,CAAC,WAAW,CAAC,CAAC;YAE9C,OAAO,OAAO,CAAC;QACjB,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YAEf,IAAI,KAAK,YAAY,8BAAqB,EAAE,CAAC;gBAC3C,MAAM,KAAK,CAAC;YACd,CAAC;YACD,MAAM,IAAI,8BAAqB,CAAC,+BAA+B,CAAC,CAAC;QACnE,CAAC;IACH,CAAC;IASO,mBAAmB,CAAC,WAAmB;QAE7C,MAAM,YAAY,GAAG,IAAI,CAAC,aAAa,CAAC,GAAG,CACzC,0BAA0B,EAC1B,EAAE,CACH,CAAC;QACF,MAAM,SAAS,GAAG,YAAY,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,GAAG,CAAC,IAAI,EAAE,CAAC,CAAC;QAGnE,MAAM,gBAAgB,GAAG;YACvB,uBAAuB;YACvB,uBAAuB;YACvB,sBAAsB;SACvB,CAAC;QAEF,MAAM,WAAW,GAAG,CAAC,GAAG,SAAS,EAAE,GAAG,gBAAgB,CAAC,CAAC;QAGxD,MAAM,SAAS,GAAG,WAAW,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,EAAE;YAC7C,IAAI,CAAC,OAAO;gBAAE,OAAO,KAAK,CAAC;YAC3B,OAAO,WAAW,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC;QACzC,CAAC,CAAC,CAAC;QAEH,IAAI,CAAC,SAAS,EAAE,CAAC;YACf,MAAM,IAAI,8BAAqB,CAC7B,mDAAmD,CACpD,CAAC;QACJ,CAAC;IACH,CAAC;CACF,CAAA;AA7HY,8CAAiB;4BAAjB,iBAAiB;IAD7B,IAAA,mBAAU,GAAE;qCAKc,sBAAa;QAChB,gBAAU;GALrB,iBAAiB,CA6H7B"}

package/dist/services/refresh-token.service.d.ts ADDED Viewed

@@ -0,0 +1,29 @@
+import { ConfigService } from '@nestjs/config';
+interface RefreshCacheEntry {
+    accessToken: string;
+    refreshToken: string;
+    refreshTokenHash: string;
+    expiresAt: Date;
+}
+export declare class RefreshTokenService {
+    private configService;
+    private readonly tokenLength;
+    private readonly expiryDays;
+    private readonly gracePeriodSeconds;
+    private readonly refreshCache;
+    constructor(configService: ConfigService);
+    generateToken(): {
+        token: string;
+        hash: string;
+    };
+    hashToken(token: string): string;
+    validateToken(token: string, storedHash: string): boolean;
+    isTokenExpired(createdAt: Date): boolean;
+    getExpiryDate(): Date;
+    cacheRefreshResult(oldTokenHash: string, accessToken: string, refreshToken: string, refreshTokenHash: string): void;
+    getCachedRefreshResult(tokenHash: string): RefreshCacheEntry | null;
+    invalidateCachedRefresh(tokenHash: string): void;
+    private cleanupExpiredCache;
+}
+export {};
+//# sourceMappingURL=refresh-token.service.d.ts.map

package/dist/services/refresh-token.service.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"refresh-token.service.d.ts","sourceRoot":"","sources":["../../src/services/refresh-token.service.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,aAAa,EAAE,MAAM,gBAAgB,CAAC;AAM/C,UAAU,iBAAiB;IACzB,WAAW,EAAE,MAAM,CAAC;IACpB,YAAY,EAAE,MAAM,CAAC;IACrB,gBAAgB,EAAE,MAAM,CAAC;IACzB,SAAS,EAAE,IAAI,CAAC;CACjB;AAyBD,qBACa,mBAAmB;IAQlB,OAAO,CAAC,aAAa;IAPjC,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAM;IAClC,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAM;IACjC,OAAO,CAAC,QAAQ,CAAC,kBAAkB,CAAM;IAGzC,OAAO,CAAC,QAAQ,CAAC,YAAY,CAAwC;gBAEjD,aAAa,EAAE,aAAa;IAShD,aAAa,IAAI;QAAE,KAAK,EAAE,MAAM,CAAC;QAAC,IAAI,EAAE,MAAM,CAAA;KAAE;IAgBhD,SAAS,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM;IAgBhC,aAAa,CAAC,KAAK,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,GAAG,OAAO;IAoCzD,cAAc,CAAC,SAAS,EAAE,IAAI,GAAG,OAAO;IAWxC,aAAa,IAAI,IAAI;IAerB,kBAAkB,CAChB,YAAY,EAAE,MAAM,EACpB,WAAW,EAAE,MAAM,EACnB,YAAY,EAAE,MAAM,EACpB,gBAAgB,EAAE,MAAM,GACvB,IAAI;IAkBP,sBAAsB,CAAC,SAAS,EAAE,MAAM,GAAG,iBAAiB,GAAG,IAAI;IAsBnE,uBAAuB,CAAC,SAAS,EAAE,MAAM,GAAG,IAAI;IAQhD,OAAO,CAAC,mBAAmB;CAQ5B"}

package/dist/services/refresh-token.service.js ADDED Viewed

@@ -0,0 +1,106 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __metadata = (this && this.__metadata) || function (k, v) {
+    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.RefreshTokenService = void 0;
+const common_1 = require("@nestjs/common");
+const config_1 = require("@nestjs/config");
+const crypto_1 = require("crypto");
+let RefreshTokenService = class RefreshTokenService {
+    constructor(configService) {
+        this.configService = configService;
+        this.tokenLength = 32;
+        this.expiryDays = 30;
+        this.gracePeriodSeconds = 10;
+        this.refreshCache = new Map();
+        setInterval(() => this.cleanupExpiredCache(), 60 * 1000);
+    }
+    generateToken() {
+        const tokenBuffer = (0, crypto_1.randomBytes)(this.tokenLength);
+        const token = tokenBuffer.toString('base64url');
+        const hash = this.hashToken(token);
+        return { token, hash };
+    }
+    hashToken(token) {
+        const secret = this.configService.getOrThrow('REFRESH_TOKEN_SECRET');
+        const hmac = (0, crypto_1.createHmac)('sha256', secret);
+        hmac.update(token);
+        return hmac.digest('hex');
+    }
+    validateToken(token, storedHash) {
+        try {
+            const computedHash = this.hashToken(token);
+            const computedBuffer = Buffer.from(computedHash, 'hex');
+            const storedBuffer = Buffer.from(storedHash, 'hex');
+            if (computedBuffer.length !== 32 || storedBuffer.length !== 32) {
+                throw new common_1.UnauthorizedException('Invalid token format');
+            }
+            const isValid = (0, crypto_1.timingSafeEqual)(computedBuffer, storedBuffer);
+            if (!isValid) {
+                throw new common_1.UnauthorizedException('Invalid refresh token');
+            }
+            return true;
+        }
+        catch (error) {
+            if (error instanceof common_1.UnauthorizedException) {
+                throw error;
+            }
+            throw new common_1.UnauthorizedException('Invalid refresh token');
+        }
+    }
+    isTokenExpired(createdAt) {
+        const now = new Date();
+        const expiryMs = this.expiryDays * 24 * 60 * 60 * 1000;
+        const tokenAge = now.getTime() - createdAt.getTime();
+        return tokenAge > expiryMs;
+    }
+    getExpiryDate() {
+        const now = new Date();
+        const expiryMs = this.expiryDays * 24 * 60 * 60 * 1000;
+        return new Date(now.getTime() + expiryMs);
+    }
+    cacheRefreshResult(oldTokenHash, accessToken, refreshToken, refreshTokenHash) {
+        const expiresAt = new Date(Date.now() + this.gracePeriodSeconds * 1000);
+        this.refreshCache.set(oldTokenHash, {
+            accessToken,
+            refreshToken,
+            refreshTokenHash,
+            expiresAt,
+        });
+    }
+    getCachedRefreshResult(tokenHash) {
+        const entry = this.refreshCache.get(tokenHash);
+        if (!entry) {
+            return null;
+        }
+        if (new Date() > entry.expiresAt) {
+            this.refreshCache.delete(tokenHash);
+            return null;
+        }
+        return entry;
+    }
+    invalidateCachedRefresh(tokenHash) {
+        this.refreshCache.delete(tokenHash);
+    }
+    cleanupExpiredCache() {
+        const now = new Date();
+        for (const [key, entry] of this.refreshCache.entries()) {
+            if (now > entry.expiresAt) {
+                this.refreshCache.delete(key);
+            }
+        }
+    }
+};
+exports.RefreshTokenService = RefreshTokenService;
+exports.RefreshTokenService = RefreshTokenService = __decorate([
+    (0, common_1.Injectable)(),
+    __metadata("design:paramtypes", [config_1.ConfigService])
+], RefreshTokenService);
+//# sourceMappingURL=refresh-token.service.js.map

package/dist/services/refresh-token.service.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"refresh-token.service.js","sourceRoot":"","sources":["../../src/services/refresh-token.service.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,2CAAmE;AACnE,2CAA+C;AAC/C,mCAAkE;AAoC3D,IAAM,mBAAmB,GAAzB,MAAM,mBAAmB;IAQ9B,YAAoB,aAA4B;QAA5B,kBAAa,GAAb,aAAa,CAAe;QAP/B,gBAAW,GAAG,EAAE,CAAC;QACjB,eAAU,GAAG,EAAE,CAAC;QAChB,uBAAkB,GAAG,EAAE,CAAC;QAGxB,iBAAY,GAAG,IAAI,GAAG,EAA6B,CAAC;QAInE,WAAW,CAAC,GAAG,EAAE,CAAC,IAAI,CAAC,mBAAmB,EAAE,EAAE,EAAE,GAAG,IAAI,CAAC,CAAC;IAC3D,CAAC;IAMD,aAAa;QAEX,MAAM,WAAW,GAAG,IAAA,oBAAW,EAAC,IAAI,CAAC,WAAW,CAAC,CAAC;QAClD,MAAM,KAAK,GAAG,WAAW,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;QAGhD,MAAM,IAAI,GAAG,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC;QAEnC,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC;IACzB,CAAC;IAOD,SAAS,CAAC,KAAa;QACrB,MAAM,MAAM,GAAG,IAAI,CAAC,aAAa,CAAC,UAAU,CAAS,sBAAsB,CAAC,CAAC;QAC7E,MAAM,IAAI,GAAG,IAAA,mBAAU,EAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;QAC1C,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;QACnB,OAAO,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;IAC5B,CAAC;IAWD,aAAa,CAAC,KAAa,EAAE,UAAkB;QAC7C,IAAI,CAAC;YAEH,MAAM,YAAY,GAAG,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC;YAG3C,MAAM,cAAc,GAAG,MAAM,CAAC,IAAI,CAAC,YAAY,EAAE,KAAK,CAAC,CAAC;YACxD,MAAM,YAAY,GAAG,MAAM,CAAC,IAAI,CAAC,UAAU,EAAE,KAAK,CAAC,CAAC;YAGpD,IAAI,cAAc,CAAC,MAAM,KAAK,EAAE,IAAI,YAAY,CAAC,MAAM,KAAK,EAAE,EAAE,CAAC;gBAC/D,MAAM,IAAI,8BAAqB,CAAC,sBAAsB,CAAC,CAAC;YAC1D,CAAC;YAGD,MAAM,OAAO,GAAG,IAAA,wBAAe,EAAC,cAAc,EAAE,YAAY,CAAC,CAAC;YAE9D,IAAI,CAAC,OAAO,EAAE,CAAC;gBACb,MAAM,IAAI,8BAAqB,CAAC,uBAAuB,CAAC,CAAC;YAC3D,CAAC;YAED,OAAO,IAAI,CAAC;QACd,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,IAAI,KAAK,YAAY,8BAAqB,EAAE,CAAC;gBAC3C,MAAM,KAAK,CAAC;YACd,CAAC;YAED,MAAM,IAAI,8BAAqB,CAAC,uBAAuB,CAAC,CAAC;QAC3D,CAAC;IACH,CAAC;IAOD,cAAc,CAAC,SAAe;QAC5B,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC;QACvB,MAAM,QAAQ,GAAG,IAAI,CAAC,UAAU,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC;QACvD,MAAM,QAAQ,GAAG,GAAG,CAAC,OAAO,EAAE,GAAG,SAAS,CAAC,OAAO,EAAE,CAAC;QACrD,OAAO,QAAQ,GAAG,QAAQ,CAAC;IAC7B,CAAC;IAMD,aAAa;QACX,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC;QACvB,MAAM,QAAQ,GAAG,IAAI,CAAC,UAAU,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC;QACvD,OAAO,IAAI,IAAI,CAAC,GAAG,CAAC,OAAO,EAAE,GAAG,QAAQ,CAAC,CAAC;IAC5C,CAAC;IAWD,kBAAkB,CAChB,YAAoB,EACpB,WAAmB,EACnB,YAAoB,EACpB,gBAAwB;QAExB,MAAM,SAAS,GAAG,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,kBAAkB,GAAG,IAAI,CAAC,CAAC;QAExE,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,YAAY,EAAE;YAClC,WAAW;YACX,YAAY;YACZ,gBAAgB;YAChB,SAAS;SACV,CAAC,CAAC;IACL,CAAC;IASD,sBAAsB,CAAC,SAAiB;QACtC,MAAM,KAAK,GAAG,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;QAE/C,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,OAAO,IAAI,CAAC;QACd,CAAC;QAGD,IAAI,IAAI,IAAI,EAAE,GAAG,KAAK,CAAC,SAAS,EAAE,CAAC;YACjC,IAAI,CAAC,YAAY,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;YACpC,OAAO,IAAI,CAAC;QACd,CAAC;QAED,OAAO,KAAK,CAAC;IACf,CAAC;IAQD,uBAAuB,CAAC,SAAiB;QACvC,IAAI,CAAC,YAAY,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;IACtC,CAAC;IAMO,mBAAmB;QACzB,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC;QACvB,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,IAAI,CAAC,YAAY,CAAC,OAAO,EAAE,EAAE,CAAC;YACvD,IAAI,GAAG,GAAG,KAAK,CAAC,SAAS,EAAE,CAAC;gBAC1B,IAAI,CAAC,YAAY,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;YAChC,CAAC;QACH,CAAC;IACH,CAAC;CACF,CAAA;AA5KY,kDAAmB;8BAAnB,mBAAmB;IAD/B,IAAA,mBAAU,GAAE;qCASwB,sBAAa;GARrC,mBAAmB,CA4K/B"}

package/dist/services/sendgrid-email.service.d.ts ADDED Viewed

@@ -0,0 +1,33 @@
+import { ConfigService } from '@nestjs/config';
+import { IEmailService } from '../interfaces/email-service.interface';
+export declare class EmailService implements IEmailService {
+    private configService;
+    private readonly logger;
+    private readonly fromEmail;
+    private readonly fromName;
+    constructor(configService: ConfigService);
+    sendVerificationEmail(email: string, code: string, expiresInMinutes: number): Promise<void>;
+    sendPasswordResetEmail(email: string, resetToken: string, resetUrl: string): Promise<void>;
+    sendAccountLockedEmail(email: string, lockDurationMinutes: number): Promise<void>;
+    sendWelcomeEmail(email: string, name?: string): Promise<void>;
+    sendAccountLinkedEmail(email: string, provider: 'google' | 'facebook', linkedAt: Date): Promise<void>;
+    sendAccountUnlinkedEmail(email: string, provider: 'google' | 'facebook', unlinkedAt: Date): Promise<void>;
+    sendPasswordChangedEmail(email: string, changedAt: Date, ipAddress?: string): Promise<void>;
+    private renderVerificationHtmlTemplate;
+    private renderPasswordResetHtmlTemplate;
+    private renderAccountLockedHtmlTemplate;
+    private renderWelcomeHtmlTemplate;
+    private renderAccountLinkedHtmlTemplate;
+    private renderAccountUnlinkedHtmlTemplate;
+    private renderPasswordChangedHtmlTemplate;
+    private renderVerificationTextTemplate;
+    private renderPasswordResetTextTemplate;
+    private renderAccountLockedTextTemplate;
+    private renderWelcomeTextTemplate;
+    private renderAccountLinkedTextTemplate;
+    private renderAccountUnlinkedTextTemplate;
+    private renderPasswordChangedTextTemplate;
+    private capitalize;
+    private formatDate;
+}
+//# sourceMappingURL=sendgrid-email.service.d.ts.map

package/dist/services/sendgrid-email.service.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"sendgrid-email.service.d.ts","sourceRoot":"","sources":["../../src/services/sendgrid-email.service.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,aAAa,EAAE,MAAM,gBAAgB,CAAC;AAE/C,OAAO,EAAE,aAAa,EAAE,MAAM,uCAAuC,CAAC;AAMtE,qBACa,YAAa,YAAW,aAAa;IAKpC,OAAO,CAAC,aAAa;IAJjC,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAiC;IACxD,OAAO,CAAC,QAAQ,CAAC,SAAS,CAAS;IACnC,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAS;gBAEd,aAAa,EAAE,aAAa;IAe1C,qBAAqB,CACzB,KAAK,EAAE,MAAM,EACb,IAAI,EAAE,MAAM,EACZ,gBAAgB,EAAE,MAAM,GACvB,OAAO,CAAC,IAAI,CAAC;IAwBV,sBAAsB,CAC1B,KAAK,EAAE,MAAM,EACb,UAAU,EAAE,MAAM,EAClB,QAAQ,EAAE,MAAM,GACf,OAAO,CAAC,IAAI,CAAC;IAwBV,sBAAsB,CAC1B,KAAK,EAAE,MAAM,EACb,mBAAmB,EAAE,MAAM,GAC1B,OAAO,CAAC,IAAI,CAAC;IAwBV,gBAAgB,CAAC,KAAK,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAwB7D,sBAAsB,CAC1B,KAAK,EAAE,MAAM,EACb,QAAQ,EAAE,QAAQ,GAAG,UAAU,EAC/B,QAAQ,EAAE,IAAI,GACb,OAAO,CAAC,IAAI,CAAC;IA4BV,wBAAwB,CAC5B,KAAK,EAAE,MAAM,EACb,QAAQ,EAAE,QAAQ,GAAG,UAAU,EAC/B,UAAU,EAAE,IAAI,GACf,OAAO,CAAC,IAAI,CAAC;IA4BV,wBAAwB,CAC5B,KAAK,EAAE,MAAM,EACb,SAAS,EAAE,IAAI,EACf,SAAS,CAAC,EAAE,MAAM,GACjB,OAAO,CAAC,IAAI,CAAC;IA6BhB,OAAO,CAAC,8BAA8B;IA8GtC,OAAO,CAAC,+BAA+B;IAmGvC,OAAO,CAAC,+BAA+B;IAyFvC,OAAO,CAAC,yBAAyB;IAyFjC,OAAO,CAAC,+BAA+B;IAkGvC,OAAO,CAAC,iCAAiC;IAmGzC,OAAO,CAAC,iCAAiC;IA8GzC,OAAO,CAAC,8BAA8B;IAgBtC,OAAO,CAAC,+BAA+B;IAevC,OAAO,CAAC,+BAA+B;IAgBvC,OAAO,CAAC,yBAAyB;IAkBjC,OAAO,CAAC,+BAA+B;IAsBvC,OAAO,CAAC,iCAAiC;IAsBzC,OAAO,CAAC,iCAAiC;IA0BzC,OAAO,CAAC,UAAU;IAIlB,OAAO,CAAC,UAAU;CAMnB"}